Thursday, 31 December 2015

In the two years since the PlayStation 4 first went on sale, hackers have enjoyed limited success in their efforts to open up the console. In June, a Brazilian team claimed the first PS4 "jailbreak," which involved the cumbersome process of copying the entire hard drive of a hacked machine using a Raspberry Pi, but it took until this month for a tinkerer to fully circumvent Sony's content protections. With a proper exploit in the wild, homebrew group fail0verflow took on the challenge of installing a full version of Linux on the system. It achieved its goal this week, giving the homebrew community hope that the PlayStation 4 will soon become a worthy tool in their arsenal.

Although exact details of the exploit have yet to be disclosed, it appears that the fail0verflow team took a WebKit bug recently documented by GitHub user CTurt and then turned things up a notch. CTurt's workaround focuses on the PlayStation 4's WebKit browser, which is tricked into freeing processes from the core of the console's operating system by an improvised webpage. The PS4 is powered by Sony's Orbis OS, which is based on a Unix-like software called FreeBSD and is therefore susceptible to common exploits.

With a route into the console's system, fail0verflow then identified weaknesses in the PlayStation 4's GPU. Engineers from semiconductor company Marvell were called out specifically and accused of "smoking some real good stuff" when they built the PlayStation 4's southbridge chip.

Before you start dreaming up your next DIY computing project, you should know that this proof-of-concept relies on PS4 firmware 1.76. Sony recently issued firmware 3.11 to consoles. While the bug has now been patched, it's believed the jailbreak could be altered to achieve the same outcome on more recent firmwares. Incidentally, the WebKit bug identified here is the exact same one that affected Apple's Safari browser, which put iOS 6.0 and OS X 10.7 and 10.8 at risk in 2013. It shows just how common WebKit-based software now is.

While PS4 owners won't be able to install pirated games anytime soon, fail0verflow's achievement shouldn't be dismissed. Sony went to a lot of trouble to ensure that unsigned code could not be run on the console. The company requires that the machine runs on the very latest software, meaning hacker groups still have a long way to go before the PlayStation 4 is made truly open to hobbyists -- just like the PlayStation 3 officially was when it first hit shelves almost a decade ago.

Four-month-old Teegan Lexcen was born in Minnesota with a small, malformed heart, no left lung, and the faintest chance of seeing her first Christmas. Now she's recovering after open-heart surgery at Nicklaus Children's Hospital in Miami, Florida, where a team of enterprising doctors used a smartphone and Google's Cardboard VR headset to peer into her chest and save her life.

Tackling such a delicate operation would've been harrowing even if the patient were an adult, but Teegan's situation was made trickier by her fragile frame. A successful surgery would have required an astute understanding of the shape her tiny heart was in, and 2D MRI scans could only tell part of the story. The answer? Dr. Juan-Carlos Muniz, head of Nicklaus Children's MRI department, converted those 2D scans into stereoscopic images, loaded them onto an iPhone and stuck it inside Google Cardboard for his colleague, cardiovascular surgeon Dr. Redmond Burke to peek at. The experience, Burke told UploadVR, was like "standing in the operating room" two weeks prior to surgery.

Armed with clearer knowledge of Teegan's heart, Dr. Burke figured out where to make his first incision — right in the middle of her chest. Seven hours later, Teegan got a new lease on life and the VR movement got a brand new feather in its collective cap. Most of the medical VR experiences we've seen have been centered around touring the deep recesses of the brain, be they abstract or unflinchingly complex. While those simulations tend to rely on high-grade VR setups like the Oculus Rift, the events of the past few weeks prove you don't need pricey gear to change minds and lives — just a willingness to look at things a little differently.

News from a “mysterious Android codebase commit” has revealed that Google is replacing its implementation of the Java application programming interfaces (APIs) in Android N with OpenJDK, the open source version of Oracle’s Java Development Kit (JDK).

The news came to light in an article last month in Hacker News with news of a code commit, which shows 8,902 files were committed with OpenJDK instead of the proprietary JDK version. Google has confirmed the use of OpenJDK in Android N, the next-generation version of its operating system.

Doing The Java Dance

The relationship between Google and Oracle has been historically fractious, culminating in the Oracle vs Google legal case, in which Oracle attempted to sue Google for copyright and patent infringement of Java APIs in August 2010. (Oracle purchased Sun in January 2010, acquiring Java, and continued developing it.)

In implementing Android OS, Google wrote its own version of Java, but used the same names, organization, and functionality as the Java API. Google released the Android software development kit (SDK) on November 12, 2007. Google negotiated with Sun about possible partnership and licensing deals for Java, but no agreement was reached.

Oracle sued Google for copyright and patent infringement in August 2010. The case went to court, which ruled that APIs are not subject to copyright. Oracle appealed and had the decision reversed, but the reversal left open the possibility that Google might have a fair use defense. In October 2014, Google petitioned the U.S. Supreme Court to hear the case. The petition was denied by the United States Supreme Court on June 29, 2015 and the case currently resides in a lower court without closure.

In light of the recent news, it's easy to wonder if the legal dispute between Oracle and Google has been settled out of court, or if it's a coincidence that Google is adopting OpenJDK. Google told VentureBeat that the legal dispute is still ongoing, so it couldn't comment on whether the code change is related to the dispute.

There has been increased dissatisfaction with Google's Java Android implementation from Android developers, with some seeking alternatives to bring the language up to date.

Languages such as Kotlin (developed by JetBrains, the creators of Android's official IDE) have sought to fill some of these gaps by offering features missing from the current Android implementation of Java, such as static typing and reduction of boilerplate code, alongside 100% Java interoperability. Others have wondered if Google might even try to replace Android's reliance on Java completely with languages such as Go or, if Hell freezes over, even Swift, now that there's a Linux compiler. These options are a lot of work, though, and unlikely in the short term.

At any rate, this news is a step forward to reduce the inconsistencies Android developers experience. Will the court case be resolved any time soon? With potentially monumental consequences for whether APIs can be trademarked, we'll have to wait and see.

Tuesday, 22 December 2015

Less than two weeks after Microsoft introduced its hands-free AI helper, Cortana, to Android mobile devices, the company has yanked the feature from the US market. Users used to be able to say "Hey, Cortana" and then issue a command, just like "OK, Google" natively does for Google Now. However, the feature appears to be incompatible with Google's voice recognition system and, in some cases, could make the phone unusable for common tasks -- like making phone calls.

As such, Microsoft updated the app on Sunday to disable Cortana's voice activation. The company could well reinstate it once the interference issues are resolved, but until then the only way to talk to Microsoft's robo-helper in the States is on a Windows Phone. The feature is, however, still active for non-US customers.

Sunday, 20 December 2015

郭永刚 discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). (CVE-2015-7799) Dmitry Vyukov discovered that the Linux kernel’s keyring handler attempted to garbage collect incompletely instantiated keys.

He was quick to note that with this MSM DRM driver update from the Freedreno project there is now DSI support for Qualcomm's MSM8960 and APQ8064 hardware. He explains the impact as, "should be helpful for getting an upstream kernel working on nexus7/nexus4/etc." DSI is short for the Display Serial Interface and is a MIPI specification for communicating between the host and display device.

Saturday, 19 December 2015

Security researchers have discovered a ludicrously simple way to hack into a number of Linux distributions: Just tap the backspace key 28 times in a row. A team from the Cybersecurity Group at Polytechnic University of Valencia (UPV) in Spain found that doing so for builds utilizing the ubiquitous Grub2 bootloader -- that's to say just about all of them -- immediately bypasses the lock screen, initiates the "Grub rescue shell" and grants the user access to the system for whatever nefarious things they have in mind.

The team found that the backspace trick triggers a memory error, which in turn launches the rescue shell. The bug isn't a huge threat -- I mean, a hacker would need physical access to your machine in order to exploit it -- especially now that Ubuntu, Red Hat, and Debian all have released patches.

Senna.js is a blazing-fast single page application engine that provides several low-level APIs that allow you to build modern web-based applications with only ~8 KB of JavaScript without any dependency. When using a single page app, sending a link to a friend should get them where we were. More than that, a search engine spider […]

For the past year Intel's Open-Source Technology Center has been working on the Clear Linux Project as a way to accelerate VMs to the point they are as fast as software containers and provide the best Linux support for Intel hardware in various cloud use-cases. As part of doing this, they've had to make their distribution lightning fast. Clear Linux though can be stretched outside of traditional cloud use-cases if you just want a lean and mean distribution.

The new tool out of Disney Research's labs could turn an ingénue's semi-decent attempt into a finely nuanced performance. This software called FaceDirector has the capability to merge together separate frames from different takes to create the perfect scene. It does that by analyzing both the actor's face and audio cues to identify the frames that correspond with each other. As such, directors can create brand new takes during post-production with zero input from the actor. They don't even need specialized hardware like 3D cameras for the trick -- it works even with footage taken by regular 2D cams.

According to Disney Research VP Markus Gross, the tool could be used to lower a movie's production costs or to stay within the budget, say, if it's an indie film that doesn't have a lot of money to spare. "It's not unheard of for a director to re-shoot a crucial scene dozens of times, even 100 or more times, until satisfied," he said. "That not only takes a lot of time -- it also can be quite expensive. Now our research team has shown that a director can exert control over an actor's performance after the shoot with just a few takes, saving both time and money." Considering the lab also developed a way to make dubbed movies more believable and to take advantage of incredibly high frame rates, we wouldn't be surprised if filmmakers arm themselves with an arsenal of Disney Research tools in the future.

It's probably hard to visualize the way FaceDirector works without seeing an example, so make sure to watch the video below to see it in action.

Friday, 11 December 2015

Solar panels are a huge investment, so something like Project Sunroof that can tell you if they're a good fit for your location is extremely useful. The good news is, the initiative is expanding to more locations across the US. Now, if you have a house in select metro areas in Arizona, California, Colorado, Connecticut, Massachusetts, New York, New Jersey, Nevada and North Carolina, you can try plugging in your address on the tool and check if it covers your location. If it does, you'll get an assessment of how many hours of usable sunlight you can get per year, how much of your roofspace can be covered by solar panels and how much money you can save by getting a solar installation.

Project Sunroof uses the same visuals as Google Earth, and according to the Google Green blog, it looks at the orientation of your roof, the surrounding trees and buildings, as well as local weather patterns to make its assessment. You can try out Project Sunroof on its website -- if you live outside its covered areas just click "Try a Demo" to see how it works.

Almost by definition, the coolest technology and bleeding-edge research is locked away in universities. While this is great for post-docs and their grant-writing abilities, it’s not the best system for people who want to use this technology. A few years ago, and many times since then, we’ve seen a bit of research that turned a Kinect into a 3D mapping camera for extremely large areas. This is the future of VR, but a proper distribution has been held up by licenses and a general IP rights rigamarole. Now, the source for this technology, Kintinuous and ElasticFusion, are available on GitHub, …

While Uber just announced that it's testing out some very familiar-looking group transportation options, its next competition could come from Ford. Today at an event in Dearborn, the carmaker showed off the Dynamic Shuttle service it's testing for employees, which it says could make Ford a "mobility service provider." On its campus, people request a Dynamic Shuttle ride via the app, which determines an optimally located van to complete the trip. Reuters quotes VP of Research Ken Washington as saying "We see this as a business we want to be in," especially in a future where people who previously needed cars could potentially opt for a ride-sharing service instead.

According to Ford, the service tries to increase occupancy and reduce the number of single riders, while also considering weather and the presence of other shuttles and learning from traffic patterns and frequently requested destinations. Naturally, the "perfect" vehicle for the service is Ford's Transit Van, carrying six to eight passengers while including amenities like USB charging ports and WiFi.

Describing what is fundamentally a smarter bus service, the developers noted many people are willing to walk to a neutral location for easier pickups. Ford is apparently considering expanding the program beyond its corporate campus, which probably can't come a moment too soon. While researchers pulled in data from far-flung locations like Mumbai and São Paulo, they only need look around the Metro Detroit area for a region desperately in need of faster and more flexible transportation options.

Wednesday, 9 December 2015

Life just got easier if your company is one of the 300,000 relying on Esri solutions to visually understand and analyze location data. That's because the Esri ArcGIS Desktop Virtualization Appliance with NVIDIA GRID graphics virtualization technology is here. Now, geographic information systems (GIS) applications, like Esri ArcGIS Pro, can be delivered to users in the field, on any connected device. Previously, using ArcGIS Pro had been confined to high-end workstations. With NVIDIA GRID, users anywhere get the same high-end experience, but the application stays hosted in the data center. Whether for city planning, military operations, facilities management or natural resource conservation, all sorts of organizations use ArcGIS Pro. Schools, governments and businesses use it to analyze data, create maps, visualize scenarios and share information, in both 2D and 3D environments.

The ultra-cheap Raspberry Pi computers have a security flaw which results in the devices generating a weak and predictable SSH key, new research suggests. The researchers say the computer’s operating system, Raspbian, should be patched to avoid the flaw. "As soon as the systems start up systemd-random-seed tries to seed /dev/urandom, but /var/lib/systemd/random-seed is missing, because it hasn’t been created yet", explains the developer oittaa. "/etc/rc2.d/S01regenerate_ssh_host_keys is executed, but /dev/urandom pool doesn’t have that much entropy at this point and predictable SSH host keys will be created", he continues. According to the report, there are two ways developers can create…
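A fleet-side check for the symptom described above, as an added example that is not part of the original report or of Raspbian: it groups `ssh-keyscan`-style output by OpenSSH SHA256 fingerprint and reports host keys that appear on more than one device. The host names and key bytes are constructed placeholders, and the check assumes that low-entropy first-boot key generation shows up as identical keys across devices.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def make_blob(key_type, key_bytes):
    """Build a base64 OpenSSH public-key blob (two length-prefixed strings)."""
    raw = b"".join(struct.pack(">I", len(p)) + p for p in (key_type.encode(), key_bytes))
    return base64.b64encode(raw).decode()


def fingerprint(b64_blob):
    """Fingerprint in the SHA256:<base64> form that OpenSSH prints."""
    digest = hashlib.sha256(base64.b64decode(b64_blob, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_keyscan(text):
    """Yield (host, key_type, blob) from ssh-keyscan style lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # comment, blank or malformed line
        yield fields[0], fields[1], fields[2]


def shared_host_keys(text):
    """Return {fingerprint: sorted hosts} for keys seen on two or more hosts."""
    seen = defaultdict(set)
    for host, _key_type, blob in parse_keyscan(text):
        try:
            seen[fingerprint(blob)].add(host)
        except ValueError:
            continue  # blob is not valid base64
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}


# Constructed sample: hypothetical hosts, placeholder key bytes (not real keys).
KEY_A = make_blob("ssh-ed25519", bytes([0x11]) * 32)
KEY_B = make_blob("ssh-ed25519", bytes([0x22]) * 32)
SAMPLE = f"""# constructed ssh-keyscan output
pi-01.example ssh-ed25519 {KEY_A}
pi-02.example ssh-ed25519 {KEY_B}
pi-03.example ssh-ed25519 {KEY_A}
"""

if __name__ == "__main__":
    for fp, hosts in shared_host_keys(SAMPLE).items():
        print(fp, "is shared by", ", ".join(hosts))
```

Any host reported here should have its host keys regenerated once the entropy pool is properly seeded, and clients should drop the old entries from `known_hosts`.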

Friday, 27 November 2015

Elasticsearch SQL — Query elasticsearch using familiar SQL syntax. You can also use ES functions in SQL. Apache2-licensed.

In Communist China, Tinder Screws You — Chinese Tinder clone Tantan is endangering young women and men by failing to use encryption …

Following Tim Cook's lead, the advocacy group behind Apple, Google, Microsoft and plenty of other big tech firms has come out against calls to weaken encryption, which authorities argue would make it easier to track criminals. "Weakening encryption or creating backdoors to encrypted devices and data for use by the good guys would actually create vulnerabilities to be exploited by the bad guys," said Dean Garfield, the CEO of the Information Technology Industry Council (ITIC), who also represents Facebook, Twitter and AOL. It "would almost certainly cause serious physical and financial harm across our society and our economy," he added. The backlash against strong encryption is particularly heated today, following the recent Paris attacks. While secure communications are generally a good thing for consumers, governments (including the US and UK) have argued for backdoors that would allow them to intercept encrypted data. Naturally, that would make life easier for intelligence agencies, but it defeats the point of having encryption at all.